update blog (securearch)

_posts/life/2021-08-06-zhujue.md

@@ -1,5 +1,5 @@
 ---
-title: 主角 by 陈彦
+title: Novel | 主角 by 陈彦
 # pin: true
 categories: [literature]
 tags: [life, reading, book excerpt]

_posts/life/2021-09-08-plague.md

@@ -1,5 +1,5 @@
 ---
-title: The Plague by Albert Camus
+title: Novel | The Plague by Albert Camus
 categories: [literature]
 tags: [life, reading, book excerpt]
 ---

_posts/life/2023-04-04-crimeandpunishment.md

@@ -1,5 +1,5 @@
 ---
-title: Crime and Punishment by Fyodor Dostoevsky
+title: Novel | Crime and Punishment by Fyodor Dostoevsky
 categories: [literature]
 tags: [life, reading, book excerpt]
 ---

_posts/life/2023-05-28-siddhartha.md

@@ -1,5 +1,5 @@
 ---
-title: Siddhartha by Hermann Hesse
+title: Novel | Siddhartha by Hermann Hesse
 categories: [literature]
 tags: [life, reading, book excerpt, book brief]
 ---

_posts/life/2023-07-27-amusingtodeath.md

@@ -1,5 +1,5 @@
 ---
-title: Amusing Ourselves to Death by Neil Postman
+title: Media Ecology | Amusing Ourselves to Death by Neil Postman
 categories: [literature]
 tags: [life, reading, book excerpt]
 ---

_posts/tech/2023-11-19-securearch.md

@@ -282,6 +282,19 @@ Properties:
 
 ![](partsys.png){: w="450px"}
 
+**Policy**
+
+Pump:
+> A pump is a trusted program in a separate partition that moves data from a low security level to a high security level without returning acknowledgements except in a controlled way; e.g., very slowly, in batches.
+
+Trusted Guard:
+> A guard is a trusted program in a separate partition that moves data from a high security level to a law security level by removing (i.e., scrubbing) all sensitive information or by creating a cover story (i.e., modifying data with non-sensitive information).
+
+Crypto Separation:
+> Classifying sensitive plaintext (red) and ciphertext (black). Ensure no red data transferred to black (untrusted) partition.
+> 
+> Adding header and encrypt the plaintext (red) to a ciphertext (black). Then could transfer it to black partition.
+
 #### Application
 
 Applicable:
@@ -292,11 +305,43 @@ Applicable:
 2. Multi-level Security Application
 > communication between high and low level application
 
+3. Red-Black Crypto Controller
+> The red-black separation is intended to transform and move red (classified) data to black (unclassified) data by trusted message encryption and trusted header-information control. That is no information from the red partition can move to the black partition.
+
+    need four partitions
+    > red, header, encryption, black
+
+    need four channels for communication 
+    > red-> header, red -> encryption, header -> black and encryption -> black
+
+    ![](rbcc.png){: w="400px"}
+
 Not applicable:
 
 1. Commodity workstations
 > complex, out-of-date assurance
 
+### Security Kernel
+
+#### Properties
+
+1. Isolated
+> have only several entry points where kernel could transfer control only to the caller
+> 
+> kernel entry/call parameters must be checked when passed by value
+>
+> timing consistency of access checks (Time-of-check-to-time-of-use atomicity)
+
+2. Complete reference mediation
+> all references to an object by a user process/program must be checked for the permission allowed by the access-control policy component of the kernel
+>
+> applied by any policy
+
+3. Small enough to be verifiable
+> does not contain large systems like file system and dir. system
+
+### Separation Kernels vs. Security Kernels vs. VM Monitors
 
+![](sepkseck.png){: w="400px"}
 
-[saving space]
+![](sepkvmm.png){: w="400px"}